package com.pos.clothes.config;


import com.pos.clothes.pojo.User;
import com.pos.clothes.service.UserService;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;

import javax.annotation.Resource;
import java.util.HashSet;
import java.util.Set;


/**
 * 自定义realm
 * @author shengwu ni
 */
public class CustomRealm extends AuthorizingRealm {

    @Resource
    private UserService userService;

    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
        // 获取用户名
        String username = (String) principalCollection.getPrimaryPrincipal();
        SimpleAuthorizationInfo authorizationInfo = new SimpleAuthorizationInfo();
//        // 给该用户设置角色，角色信息存在 t_role 表中取
//        authorizationInfo.setRoles(userService.getRoles(username));
//        // 给该用户设置权限，权限信息存在 t_permission 表中取
//        authorizationInfo.setStringPermissions(userService.getPermissions(username));

        Set<String> stringSet = new HashSet<>();

        stringSet.add((userService.getByUsername(username)).getActor().getPerm());
        authorizationInfo.setStringPermissions(stringSet);
        return authorizationInfo;


//        SimpleAuthorizationInfo authorizationInfo = new SimpleAuthorizationInfo();
//        User userInfo = (User) principalCollection.getPrimaryPrincipal();
//        for (SysRole role : userInfo.getRoleList()) {
//            authorizationInfo.addRole(role.getRole());
//            for (SysPermission p : role.getPermissions()) {
//                authorizationInfo.addStringPermission(p.getPermission());
//            }
//        }
//        return authorizationInfo;

    }

    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
        // 根据 Token 获取用户名，如果您不知道该 Token 怎么来的，先可以不管，下文会解释
        String gonghao = (String) authenticationToken.getPrincipal();
        // 根据用户名从数据库中查询该用户
        User user = userService.getByUsername(gonghao);
        if(user != null) {
            // 把当前用户存到 Session 中
            SecurityUtils.getSubject().getSession().setAttribute("user", user);
            // 传入用户名和密码进行身份认证，并返回认证信息
            AuthenticationInfo authcInfo = new SimpleAuthenticationInfo(user.getGonghao(), user.getPassword(), "customRealm");
            return authcInfo;
        } else {
            return null;
        }
    }
}
